Preventative Measures to Secure the Healthcare Industry

Brendon Macaraeg is Director of Product Marketing at Signal Sciences. Previously with CrowdStrike and Symantec, he focused on evangelizing and marketing security offerings. Outside of work, Brendon keeps busy with his wife and kids enjoying outdoor activities.

Each of us are represented by a collection of data. In the healthcare industry, this data includes personally identifiable information (PII) such as personal addresses, phone numbers, social security numbers, and employment history. Collectively, it’s referred to as ePHI, or electronic personal health information. In this post, we’ll look at how Signal Sciences helps medical vendors meet compliance while protecting valuable customer data.

Threat actors target healthcare and other organizations in order to resell and exploit ePHI. Once stolen and sold on the dark net, ePHI is maliciously used for a variety of purposes, including receiving medical treatment fraudulently while the bill is sent to someone else. However, stolen ePHI is more commonly used to commit tax fraud because medical records contain the information necessary to file fake tax returns. Unbeknownst to the victims, tax refunds are diverted to the fraudulent actor.

HIPAA, or the Health Insurance Portability and Accountability Act, is federal legislation that sets privacy standards for safeguarding medical information. As a regulatory tool to hold organizations accountable, it lays out the responsibility healthcare providers and vendors have to safeguard electronically stored and transmitted ePHI. Should attackers penetrate a healthcare company’s defenses to gain access to sensitive patient data, the HIPAA penalties that result can impact an organization's bottom line.

Securing Healthcare Data in the Cloud

One Medical runs a network of modern medical practices using a technology savvy approach and deals with a multitude of electronic medical records. Although they follow industry best practices in software development and testing to ensure the confidentiality of customer data, One Medical needed security that could scale with their cloud-first strategy and improve their overall security posture while staying compliant with HIPAA.

“We have always proactively prioritized security at One Medical. We wanted better visibility into our application layer, which is what led us to choose Signal Sciences,” said Jérémie Meyer de Ville, Senior Engineering Manager.

With Signal Sciences, not only did One Medical easily deploy application security that improves real-time visibility, decisioning, and action in the application layer, but enabled collaboration between teams improving visibility and security.

Not limited to security visibility, Signal Sciences provides One Medical’s development team additional benefits to engineering teams, including bug discovery and related issues in the codebase.

Castlight’s security team had invested in a traditional appliance WAF, but the solution fell short in terms of performance, visibility, and attack coverage. When it came to scoping protection for a newly acquired company’s web applications, the team approached Signal Sciences as an alternative.

Providing Visibility Across Web Services

LeanTaaS serves leading hospitals and healthcare providers across the country using a lean approach coupled with data analytics to create efficiencies so these medical facilities can reduce wait times for appointments and surgeries. They needed a solution that could secure their cloud-based web services and APIs as well as meet their HIPAA compliance requirements.

For a company like LeanTaaS where software is deployed frequently, Signal Sciences provided the ability to tightly integrate with their development and deployment process and provide the feedback loop necessary to streamline operations. And stay HIPAA compliant, they knew they needed security that works in real time to detect and block attacks at the application layer.

Protecting Personal Health Information with Signal Sciences

Each time you interact with a healthcare provider or facility, a new transaction about your digital self is generated, transmitted and stored across multiple organizations. Collectively, healthcare providers and vendors transmit and store huge volumes of ePHI. But as these customer stories show, visibility and actionable information is critical to protecting that data. Signal Sciences automated web application security offering enables healthcare organizations to monitor, detect and stop layer 7 web application attacks. We invite you to learn more about Signal Sciences full capabilities or see our solution in action for yourself.